Trusted devices

To personalize their experiences in the car, users can create a profile and optionally set a PIN to protect it.

Trusted devices help with user identification, user authentication, and personalization when re-entering the car.

  • User identification: If the car has multiple profiles, a trusted device helps the user bring up the right profile associated with their phone.
  • User authentication: If a user's profile is locked, a trusted device helps the user bypass the PIN screen.
  • Personalization: With a trusted device, users can access an individualized experience with their favorite settings in the car.

Design guidance

Designing for trusted devices requires balancing passive automation with active control. Your goal is to make the car feel like an extension of the driver's personal digital space while helping ensure that they remain in command of their data.

Establish a clear mental model for profiles in the car, whether through the initial setup flow, consecutive profile creation moments, or when activating a trusted device. It's important to reinforce the concept of an individualized user space in the car, and how the user's phone acts as an identifier to recall and unlock it.

Seamless profile authentication

The most significant benefit of a trusted device is bypassing the standard lock screen.

  • Passive unlocking: Design the system to automatically unlock the Android user profile as the driver approaches or enters the car. This works by using an "escrow token" passed from the phone to authenticate the active user's lock screen.
  • Visual confirmation: Provide a subtle greeting or visual cue on the head unit to confirm the profile has unlocked and loaded. This prevents the driver from wondering if the system successfully recognized their device.
  • Fallback awareness: Verify that manual PIN or pattern entry remains available as a primary fallback if the trusted device is missing, its battery is dead, or it fails to connect.

Contextual data synchronization

Trusted devices act as a gateway for personal data that should only exist in the car while the device is present.

  • Ephemeral calendar sync: When the system detects a trusted device, it can sync the phone's calendar to the car's database (the Android Calendar Provider).
  • Privacy-first wiping: Design the system to automatically wipe all synced calendar data as soon as the phone is no longer present, verifying that no personal data remains accessible to the next driver.
  • Messaging continuity: The car can listen for third-party message notifications from the phone. These should be displayed as glanceable heads-up notifications (HUNs) that the driver can manage hands-free using Google Assistant.

Transparent trust management

Drivers must feel they have total control over which devices are trusted and what those devices can access.

  • Onboarding with QR code: Users can onboard using their car's head unit or a mobile phone using a QR code that initiates the trusted association within your mobile companion app.
  • Granular permission toggles: Within the mobile app UI, allow drivers to independently enable or disable specific features, such as trusted device unlocking, calendar sync, or messaging notifications.
  • Trust revocation: Provide a clear, one-touch method in both the car's settings and the mobile app to "untrust" a device immediately.
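
The lifecycle described in the sections above (passive unlock with PIN fallback, ephemeral calendar sync, independent toggles, and revocation) can be checked as a small state model. This is an added example, not code from the platform or its reference apps. The class and method names and the sample token are hypothetical, and the token comparison only stands in for the platform's escrow-token check.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class TrustedDevice:
    device_id: str
    escrow_token: bytes                 # constructed sample value, set at onboarding
    unlock_enabled: bool = True         # granular toggles from the companion app
    calendar_sync_enabled: bool = True

@dataclass
class ProfileSession:
    """Hypothetical head-unit model of one user profile (not an Android API)."""
    trusted: dict = field(default_factory=dict)    # device_id -> TrustedDevice
    calendar: list = field(default_factory=list)   # synced events, ephemeral
    locked: bool = True
    present: Optional[str] = None

    def enroll(self, dev: TrustedDevice) -> None:
        self.trusted[dev.device_id] = dev

    def on_device_present(self, device_id: str, token: bytes, phone_events: list) -> str:
        dev = self.trusted.get(device_id)
        # Stand-in for the escrow-token check; compare in constant time.
        if dev is None or not hmac.compare_digest(dev.escrow_token, token):
            return "pin_required"       # fallback: manual PIN or pattern entry
        self.present = device_id
        if dev.calendar_sync_enabled:
            self.calendar = list(phone_events)
        if dev.unlock_enabled:
            self.locked = False
            return "unlocked"
        return "pin_required"           # sync allowed, unlock toggled off

    def on_device_absent(self, device_id: str) -> None:
        if self.present == device_id:
            self.calendar.clear()       # nothing left for the next driver
            self.locked = True          # assumption: the profile re-locks
            self.present = None

    def revoke(self, device_id: str) -> None:
        self.on_device_absent(device_id)    # revocation ends any live session
        self.trusted.pop(device_id, None)   # forget the device and its token
```

The property to test in a real implementation is the same one this model makes explicit: after a disconnect or a revocation, the synced-data store is empty and the only way back into the profile is the PIN screen.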

Cross-platform implementation

Account for technical differences between mobile operating systems, while also keeping the user experience consistent.

  • Messaging limitations: Support for reading and replying to third-party messages might vary between Android and iOS phones due to technical limitations on the phone side.
  • Unified UI reference: Use the provided Flutter UI reference apps to verify that your setup and management screens look identical on both iOS and Android. This consistency reinforces brand trust regardless of the driver's device choice.